Meylan Technologies & ConsultingManaging Segregation of Duties risks in SAP is a well-understood problem. The challenge has never been about knowing what to do. It has been about having practical, accessible tools to do it. Traditional GRC platforms are powerful, but they come with significant overhead: dedicated infrastructure, licensing costs, implementation projects, and ongoing maintenance. For many organizations, this overhead means SoD analysis happens infrequently, slowly, or not at all.
MTC Skopos was built to close that gap. It is a portable risk analysis application that performs SoD and critical access analysis on SAP and non-SAP systems without requiring installation, a dedicated server, or a persistent connection to your production environment.
What MTC Skopos Does
At its core, MTC Skopos analyzes user access against a defined ruleset to identify SoD conflicts and critical access risks. It answers the questions that security teams, auditors, and project managers need answered:
- Which users have SoD conflicts, and which specific access combinations create those conflicts?
- Which users hold critical access that should be restricted or monitored?
- What would happen to the risk landscape if a particular role were assigned to a user or group of users?
- How do risks compare across multiple systems in the same landscape?
These are the same questions that any GRC tool answers. What makes MTC Skopos different is how it answers them.
Key Features
Portable and Installation-Free
MTC Skopos runs as a standalone application. There is no installation process, no server to provision, no database to configure. You download it, point it at your data, and start analyzing. This makes it practical for consultants working at client sites, for internal teams that need quick answers, and for organizations that cannot justify the infrastructure investment of a full GRC deployment.
Fully Offline Capable
The application works entirely offline. Your SAP authorization data never needs to leave your network. For organizations with strict data governance requirements, or those operating in regulated industries where data residency matters, this is a significant advantage. You can extract your SAP data, run the analysis on a local machine, and produce results without any data being transmitted externally.
Cross-System Analysis
Most organizations run more than one SAP system. Many also have non-SAP applications with their own access models. SoD risks do not stop at system boundaries. A user who has purchase order creation access in one SAP system and payment execution access in another still has a SoD conflict, even though neither system shows a violation on its own.
MTC Skopos supports cross-system SoD analysis, allowing you to evaluate risks that span multiple systems. For SAP systems, data can be imported via RFC connection or from flat files. For non-SAP systems, a generic user-privilege format is supported, enabling you to bring any system into the analysis as long as the data can be structured appropriately.
Simulation
One of the most valuable capabilities in SoD management is the ability to test access changes before they are implemented. MTC Skopos includes a simulation engine that lets you model what-if scenarios:
- What SoD conflicts would be introduced if this role were assigned to a user?
- What risks would be eliminated if a particular authorization were removed from a role?
- How would a proposed role redesign affect the overall risk landscape?
Running these simulations before making changes in production prevents new SoD conflicts from being introduced during role provisioning or redesign projects. This is far more efficient than the common pattern of making changes in production and then running an analysis to see what went wrong.
Power BI Reporting
Analysis results can be exported to a ready-to-use Power BI template that provides visual dashboards and drill-down capabilities. This makes it straightforward to present findings to management, share results with auditors, or track remediation progress over time. The reports are designed to be actionable, showing not just the number of conflicts but the specific users, roles, and access combinations involved.
User and Role Information System
Beyond SoD analysis, MTC Skopos includes a built-in information system for exploring your authorization landscape. You can browse users, roles, and authorization details with a few clicks, making it a useful day-to-day tool for anyone who needs to understand or review SAP access, not just during formal risk assessments.
Who Is It For?
MTC Skopos serves several distinct audiences:
SAP Security consultants who need to perform risk assessments at client sites quickly, without depending on the client having a GRC system in place. The portable nature of the tool means you can bring your own analysis capability to any engagement.
Internal audit teams who need to independently verify SoD controls without relying on the same GRC system managed by the first line of defense. Having a separate tool provides the independence that audit standards require.
SAP project teams working on role redesign, S/4HANA migrations, or access cleanup initiatives. The simulation capability is particularly valuable during these projects, where access changes are frequent and the risk of introducing new conflicts is high.
Small to mid-sized organizations that need proper SoD analysis but cannot justify the cost and complexity of a full SAP GRC deployment. MTC Skopos provides enterprise-grade analysis at a fraction of the overhead.
How It Compares to Traditional GRC
SAP GRC Access Control is the established market leader for SoD management in SAP environments. It is a comprehensive platform that includes access risk analysis, access request management, emergency access (firefighter) management, and business role management. For large enterprises with the infrastructure and budget to support it, GRC Access Control is a solid choice.
But not every organization needs or can support that level of deployment. Here is where MTC Skopos offers a different value proposition:
| Aspect | SAP GRC Access Control | MTC Skopos |
|---|---|---|
| Infrastructure | Requires dedicated SAP system | None (portable application) |
| Installation | Full implementation project | No installation needed |
| Licensing | SAP licensing model | Simple licensing |
| Offline use | Requires system connectivity | Fully offline capable |
| Cross-system | SAP-focused | SAP and non-SAP |
| Simulation | Available | Available |
| Time to first analysis | Weeks to months | Same day |
The two approaches are not mutually exclusive. Organizations running SAP GRC can still benefit from MTC Skopos for ad-hoc analysis, project-specific assessments, or cross-system evaluations that fall outside GRC's scope.
Getting Started
MTC Skopos is designed to deliver value on the first day. Extract your SAP data (via RFC or flat file export), load it into the application, apply your ruleset, and run the analysis. Results are available in minutes, not weeks.
If you do not have an existing ruleset, Meylan Technologies & Consulting can help you build one tailored to your environment and risk appetite.
To see the tool in action, visit our MTC Skopos page and we will walk you through a live analysis using sample data or your own.